How to Enroll NixOS Devices into Swif.ai MDM

Updated over a week ago

Swif.ai supports NixOS as part of its Linux MDM platform, enabling centralized device management, policy enforcement, and compliance monitoring.


1. Prerequisites

  • A supported NixOS installation.

  • Admin/root privileges on the device.


2. Enrollment Methods

You can integrate Swif.ai with NixOS using either:

  1. Default NixOS Configuration

  2. Flake-based Configuration


3. Default NixOS Configuration

Install by URL

  1. Configure swifteam settings in /etc/nixos/configuration.nix

    { config, pkgs, lib, ... }:

    let
      swifteamTarball = builtins.fetchTarball {
        url = "https://cdn.swifteam.com/st-agent-linux/{version}/nixos/swifteam.tar.gz";
        # Placeholder: replace with the hash of the release you pin.
        # Nix refuses the download if the unpacked content does not match it.
        sha256 = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
      };
    in
    {
      imports = [
        (import "${swifteamTarball}")
      ];

      # Please fill in the required information in the configuration.
      services.swifteam = {
        enable = true;
        teamId = "{teamId}";
        name = "{name}";
        surname = "{surname}";
        email = "{email}";
      };
    }

  2. Rebuild NixOS

    $ sudo nixos-rebuild switch

  3. Reboot system

  4. Check if swif-agent.service is running

    $ sudo systemctl status swif-agent.service

  5. Import local generated files in /etc/nixos/configuration.nix

    {
      imports = [
        # swifteamTarball is the let binding defined in step 1
        (import "${swifteamTarball}")
        ./swifteam
      ];
    }

  6. Rebuild NixOS again

    $ sudo nixos-rebuild switch

Install by local path

  1. Download swifteam.tar.gz

    $ curl -OL https://cdn.swifteam.com/st-agent-linux/<version>/nixos/swifteam.tar.gz

  2. Create directory

    $ sudo mkdir /etc/nixos/swifteam

  3. Extract swifteam.tar.gz

    $ sudo tar -xzvf swifteam.tar.gz -C /etc/nixos/swifteam

  4. Configure swifteam settings in /etc/nixos/configuration.nix

    { config, pkgs, lib, ... }:

    {
      imports = [
        ./swifteam
      ];

      # Please fill in the required information in the configuration.
      services.swifteam = {
        enable = true;
        teamId = "{teamId}";
        name = "{name}";
        surname = "{surname}";
        email = "{email}";
      };
    }

  5. Rebuild NixOS

    $ sudo nixos-rebuild switch

  6. Reboot system

  7. Check if swif-agent.service is running

    $ sudo systemctl status swif-agent.service


4. Flake-based Configuration

Install by URL

  1. Configure swifteam settings in flake.nix

    {
      inputs = {
        # Keep your existing inputs (nixpkgs, etc.) alongside this one.
        # flake.lock records this tarball's narHash when the input is locked.
        swifteamTarball = {
          url = "https://cdn.swifteam.com/st-agent-linux/{version}/nixos/swifteam.tar.gz";
          flake = false;
        };
      };

      outputs = { self, nixpkgs, swifteamTarball, ... }@inputs: {
        nixosConfigurations.swifteamHostname = nixpkgs.lib.nixosSystem {
          modules = [
            (import "${swifteamTarball}")
            ({ ... }: {
              # Please fill in the required information in the configuration.
              services.swifteam = {
                enable = true;
                teamId = "{teamId}";
                name = "{name}";
                surname = "{surname}";
                email = "{email}";
                nixRootPath = "{nixRootPath}";
              };
            })
          ];
        };
      };
    }

  2. Rebuild flake environment

    $ sudo nixos-rebuild switch --flake <nixRootPath>#<flakeHostname>

  3. Reboot system

  4. Check if swif-agent.service is running

    $ sudo systemctl status swif-agent.service

  5. Import local generated files in flake.nix

    {
      outputs = { self, nixpkgs, swifteamTarball, ... }@inputs: {
        nixosConfigurations.swifteamHostname = nixpkgs.lib.nixosSystem {
          modules = [
            (import "${swifteamTarball}")
            ({ ... }: {
              services.swifteam = {
                enable = true;
                teamId = "{teamId}";
                name = "{name}";
                surname = "{surname}";
                email = "{email}";
                nixRootPath = "{nixRootPath}";
              };
            })
            ./swifteam
          ];
        };
      };
    }

  6. Rebuild flake environment again

    $ sudo nixos-rebuild switch --flake <nixRootPath>#<flakeHostname>

Install by local path

  1. Download swifteam.tar.gz

    $ curl -OL https://cdn.swifteam.com/st-agent-linux/<version>/nixos/swifteam.tar.gz

  2. Create directory

    $ mkdir <nixRootPath>/swifteam

  3. Extract swifteam.tar.gz

    $ sudo tar -xzvf swifteam.tar.gz -C <nixRootPath>/swifteam

  4. Configure swifteam settings in flake.nix

    {
      # No swifteamTarball input is declared for a local-path install,
      # so it must not appear in the outputs arguments.
      outputs = { self, nixpkgs, ... }@inputs: {
        nixosConfigurations.swifteamHostname = nixpkgs.lib.nixosSystem {
          modules = [
            ./swifteam
            {
              services.swifteam = {
                enable = true;
                teamId = "{teamId}";
                name = "{name}";
                surname = "{surname}";
                email = "{email}";
                nixRootPath = "{nixRootPath}";
              };
            }
          ];
        };
      };
    }

  5. Rebuild flake system

    $ sudo nixos-rebuild switch --flake <nixRootPath>#<flakeHostname>

  6. Reboot system

  7. Check if swif-agent.service is running

    $ sudo systemctl status swif-agent.service
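
Both "Install by local path" procedures (sections 3 and 4) extract a tarball fetched with curl into the system configuration directory as root. The following is an added example, not part of Swif's documentation or tooling: it refuses to extract unless the file matches a pinned SHA-256 and every member path stays inside the destination. The function names are hypothetical, and EXPECTED_SHA256 is assumed to be a digest your team recorded out of band for the pinned version (this page does not publish digests).

```shell
#!/bin/sh
# Added example (not Swif code): gate extraction of swifteam.tar.gz on a
# pinned digest and a member-path check. All function names are hypothetical.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# unsafe_paths: read member names on stdin, print those that are absolute
# or contain a ".." path component (either could write outside DEST).
unsafe_paths() {
    grep -E '^/|(^|/)\.\.(/|$)' || true
}

# verify_and_extract TARBALL EXPECTED_SHA256 DEST
# Returns 0 only after the digest matched, no unsafe member was found,
# and the archive was extracted into DEST.
verify_and_extract() {
    tarball=$1 expected=$2 dest=$3
    actual=$(sha256_of "$tarball") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $tarball: got $actual" >&2
        return 1
    fi
    bad=$(tar -tzf "$tarball" | unsafe_paths)
    if [ -n "$bad" ]; then
        echo "refusing to extract, unsafe member paths:" >&2
        echo "$bad" >&2
        return 3
    fi
    # --no-same-owner: when run as root, do not adopt owners stored in the archive.
    mkdir -p "$dest" && tar -xzf "$tarball" -C "$dest" --no-same-owner
}

# Usage (EXPECTED_SHA256 is the digest recorded for the pinned version):
#   sudo sh -c '. ./verify.sh; verify_and_extract swifteam.tar.gz "$0" /etc/nixos/swifteam' "$EXPECTED_SHA256"
```

This checks the downloaded file itself; the `sha256` used by `builtins.fetchTarball` in the URL-based method is computed over the unpacked content, so the two values are not interchangeable.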


5. Verification

After rebuilding:

  1. Run the following command to verify the Swif agent installation:

    $ sudo systemctl status swif-agent.service

  2. Check the device’s status in Swif Console → Device Inventory.


6. Post-Enrollment Steps

  • Apply Policies: Security, compliance, or configuration policies can now be applied from the Swif console.

  • Remote Management: Use Swif’s features to lock, restart, shut down, or even erase a device if needed.

  • Software & OS Patch Management: Automate package updates on your Linux endpoints from one central location.

  • Summary of the NixOS support features:

    1. Script Installer — Flake-based Configuration: Install by URL or by local path

    2. Desktop App

    3. Disk Health

    4. Device Specifications

    5. Accounts

    6. Commands

    7. Applications

    8. Certificate

    9. Live terminal

    10. Package manager

    11. Password Policy

    12. Screensaver Policy

    13. Change Password

    14. Reboot

    15. Shutdown

    16. Device Lock

    17. Soft Wipe

    18. Remove Swif Agent

  • Swif's Desktop app compatibility: Used for in-app notification and compliance display

x86_64

arm_64

Ubuntu

Fedora

NixOS

X


Notice: How the NixOS Rebuild Notification Works

When using Swif.ai MDM on NixOS devices, you may receive an in-app notification prompting you to run the nixos-rebuild command. This notification is designed to help you keep your device up to date with the latest configurations and security policies managed by your organization.

  • You will receive an email notification.

  • The in-app notification will appear in the desktop app, similar to update prompts you may have seen in other applications (e.g., Zoom).

  • You will be given a clear call-to-action (CTA) to run the rebuild command. There is also an option to “Skip for now” if you are not ready to proceed.

  • If you choose to skip, you can continue using your device as usual, but it is recommended to complete the rebuild at your earliest convenience to ensure compliance and security.

  • ARM support for NixOS is currently not available, but updates are being tracked.


7. Troubleshooting

  • Check system logs for swifteam service errors:

    journalctl -u swifteam
  • Re-run nixos-rebuild if configuration changes are made.


8. FAQ

  1. What is the `nixRootPath` option? I'm using a flake-based setup, and the flake is not in `/etc/nixos`, do I need to set this?

    Answer: Please set nixRootPath to the location of your flake.nix. If any local configurations are generated, they will be stored under {nixRootPath}/swifteam. You’ll need to import this folder the first time. Whenever there are changes, swif-agent will send a notification to inform you that a rebuild is required.

  2. What will Swif manage in the system? How does it work with my own config if there is a conflict?

    Answer: Swif-agent uses Nix derivations to manage applications, users, PAMs, and other system components. In case of any conflicts, swif-agent will overwrite them to ensure security and consistency.

  3. Could there be a https://cdn.swifteam.com/st-agent-linux/latest/nixos/swifteam.tar.gz url that gets updated automatically, so that I can simply update the flake lock with `nix flake update`?

    Answer: Even with a CDN, the URL has to be unique for each version, so it doesn't make sense to use a CDN.
